OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- fix CVE-2014-3538 (unrestricted regular expression
matching)

- fix #1284826 - try to read ELF header to detect
corrupted one

- fix #1263987 - fix bugs found by coverity in the patch

- fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)

- fix CVE-2014-3710 (out-of-bounds read in elf note
headers)

- fix CVE-2014-8116 (multiple DoS issues (resource
consumption))

- fix CVE-2014-8117 (denial of service issue (resource
consumption))

- fix CVE-2014-9620 (limit the number of ELF notes
processed)

- fix CVE-2014-9653 (malformed elf file causes access to
uninitialized memory)

- fix #809898 - add support for detection of Python 2.7
byte-compiled files

- fix #1263987 - fix coredump execfn detection on ppc64
and s390

- fix #966953 - include msooxml file in magic.mgc
generation

- fix #966953 - increase the strength of MSOOXML magic
patterns

- fix #1169509 - add support for Java 1.7 and 1.8

- fix #1243650 - comment out too-sensitive Pascal magic

- fix #1080453 - remove .orig files from magic directory

- fix #1161058 - add support for EPUB

- fix #1162149 - remove parts of patches patching .orig
files

- fix #1154802 - fix detection of zip files containing
file named mime

- fix #1246073 - fix detection UTF8 and UTF16 encoded XML
files

- fix #1263987 - add new execfn to coredump output to show
the real name of executable which generated the coredump

- fix #809898 - add support for detection of Python
3.2-3.5 byte-compiled files

- fix #966953 - backport support for MSOOXML

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000460.html
https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000464.html

Solution :

Update the affected file / file-libs packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
